"Koobface" is the name of the Trojan worm that's been making its way through the social networking site Facebook lately, but to the site's users, it's been simply known as "the Facebook virus." That name will soon become a misnomer, though, because the worm is now spreading outside of Facebook's walls to attack other social networks like Bebo, MySpace, Friendster, MyYearbook, and Blackplanet.
Once a computer has become infected with the Koobface worm, it spams the friends belonging to the owner of the computer by leaving comments on their profiles. Those comments appear to come from the infected user, saying things like "Are you sure this is your first acting experience?", "is it u there?", "impressive. i'm sure it's you on this video", "How can anyone get so busted by a spy camera?" and "You're the whole show! i'm admired with you." Save for that last one, whose bad English will likely raise a flag that all is not what it seems, the other comments appeal to people's vanity. They wonder: is that really a video of me? and then click through on the link provided.
The link actually takes them to an off-site page which pretends to offer a video download from "YuoTube," but then stalls saying that you'll need a new version of Adobe's Flash Player installed in order to continue. Of course, if you click the button to proceed with the install, you're infected. Infected users are then directed to even more contaminated web sites when they try to use search engines, which puts them at risk of identity theft, among other things. "Search terms are directed to find-www.net," said McAfee's Craig Schmugar, and that "enables ad hijacking and click fraud."
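A defender-side sketch of the lure described above, added here as an example (not code from the article or from any vendor quoted in it): it flags a link that leaves the site it was posted on, a page title or host that is one edit away from a known brand such as "YuoTube", and a "player update" that is an executable. The brand list, function names and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

BRANDS = ("youtube", "facebook", "adobe")  # assumed watch list, not from the article

def osa_distance(a, b):
    """Edit distance that also counts one adjacent swap (uo <-> ou) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def imitated_brand(text):
    """Return the brand that some word in `text` misses by exactly one edit, else None."""
    for token in re.findall(r"[a-z]+", text.lower()):
        for brand in BRANDS:
            if token != brand and osa_distance(token, brand) == 1:
                return brand
    return None

def lure_indicators(posted_on, link, page_title, download_url=None):
    """List the reasons a link posted on `posted_on` matches the lure pattern."""
    host = (urlparse(link).hostname or "").lower()
    reasons = []
    if host != posted_on and not host.endswith("." + posted_on):
        reasons.append("off-site link")
    brand = imitated_brand(page_title) or imitated_brand(host)
    if brand:
        reasons.append(f"lookalike of {brand}")
    if download_url and urlparse(download_url).path.lower().endswith(".exe"):
        reasons.append("executable offered as player update")
    return reasons

if __name__ == "__main__":
    # Constructed sample: a profile comment linking to a fake video page.
    print(lure_indicators("facebook.com", "http://video.example.net/watch?id=1",
                          "YuoTube - video", "http://video.example.net/flash_update.exe"))
```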
Koobface may not be the first bit of malware to hit the social networks, but it has become so widespread that it now accounts for one percent of ScanSafe's blocked malware, said ScanSafe senior security researcher Mary Landesman. (Facebook will not disclose how many members are infected.)
What's frightening about the spread of this Trojan is not the worm itself - it's really nothing new in terms of malware - but the way it's being spread. Over the years people have learned to be suspicious of unknown links and attachments in their emails, so the virus writers turned to hit us where we're more vulnerable: on our social networks. Here, many people still have a feeling of comfort and security. They don't always have their guard up.
According to Graham Cluley, senior technology consultant at Sophos, "a key factor which helps social-networking spam and malware succeed is that people are more prepared to click on a link or message if they believe it is from someone they know. The average person is used to receiving unsolicited e-mails in their regular inbox, but believe messages have more credence when they arrive via Facebook. The message is clear -- people need to beware."
Cluley also warns that the situation is going to get worse next year. There will be more attacks and they will become more sophisticated. "It will probably take a long time before the general public begins to learn that hackers and scammers are using the system for their own ends."
Besides doing the obvious - running an up-to-date antivirus, security patches, and firewalls - you should be on the lookout for the following:
[Screenshot: a sample spam message]
[Screenshot: the malicious site]
[Screenshot: the warning message]
You should also keep an eye on Facebook's security page (http://www.facebook.com/security) which warns of the latest threats.
Image credits: virus, courtesy of akajos; Facebook screenshots, courtesy of McAfee Avert Labs
Comments
I got rid of this virus by choosing a restore point (Microsoft Vista) that was BEFORE this virus was installed, meaning I went back and uninstalled the last good programs I installed (which happened to be Windows updates). I did the restore in safe mode, then ran a scan with Norton.
I also deleted all the cookies and temp files in my browsers.
Afterward, I reinstalled the Windows updates that I had to uninstall to make sure I got rid of this thing.
Once you install this virus your Norton will not see it anymore because you granted it permission to edit your registry, and it has tentacles.
Also, you have to do the install in safe mode or the program reinstalls itself.
I have yet to have this virus come my way but have been spammed on Facebook in the past. The bottom line is people need to figure out what is legit on their own. It's tough most of the time but be careful.
This will be the first of prob many viruses. Hopefully Facebook works on preventing future viruses from messing up people's computers instead of working on the next useless development.
Is this cross platform or do just us Windows people have to worry about it. (I'm gonna get an earful from my Linux friends again).
@Jim: you know mac and linux people don't get viruses!
you need to be very careful on who you add to your profile on any social networking sites
@5... that doesn't matter. I was sent this by a good friend. It's the nature of viruses to spread willy nilly, not just to 'bad' people.
Though, since I have a Macbook, my machine laughed at the attempt to download a .exe file.
@6 so what would you do rick if it was a .dmg would you still laugh!
I got rid of it with ComboFix !
I got tricked by this on Linux, but I kept forgetting what the root password was, and how to make the virus executable. :-P
Wow, just think if these hackers would use their talent for good instead of evil.
jess
www.Privacy-Center.net
You're calling this a virus. Please. Stop. You're hurting the internet by misinforming people.
This is a trojan. It requires user action to spread. It is not a worm. It is not a virus.
Although this particular virus only affects Windows users there is nothing that would stop exactly the same technique from working on Mac users and most probably Linux users.
It relies on a user downloading a file that they think is legitimate and running it on their computer. They will even quite happily type in their administrator password to install it. There is nothing technological that can be done to stop this. It's a "people problem".
A little paranoia isn't always a bad thing.
Hi and first let me say thanks for the heads up. I recently started getting involved again on Facebook and this information is greatly appreciated. Have a nice day.
@Kami Huyse: WOW. I've been trying desperately to give myself any kind of virus for 5 years without success. How much time did you waste on all that?
Maybe consider switching from windows?
@mullingitover: Welcome to the user from 'Pedant's Corner'. Outside geektown, anything that's bad for your computer is called a 'virus'. This article is trying to stop the trojan from spreading - if it succeeds then it doesn't matter whether it calls it a virus, a trojan or a strawberry jelly.
Easy solution... buy a mac. Problem solved.
Facebook, or as I like to call it, FaceChook, just won't be the same again. Yes the virus is a trojan, and it does misuse common and innocent vanity, the malicious creators could serve humanity by creating works of good rather than annoyance, but the reality is simple: FaceChook was begging for a Trojan. Every user on FaceChook is a 'social' Trojan.
Is this a real article or a Mac advert? its hard to tell really.
I was able to fix it with ComboFIx
@ PC Guy... why pay for overpriced equipment? You simply install a free version of Linux on your PC ;-)
*sigh* Windows might be a guy in a suit, Mac might be a trendy youngster... but Linux can be either or both (or perhaps it's just all of the village people in one!)
Seriously folks, stop with the whole Mac Vs. PC thing in the case of a trojan where it is not even relevant. This is not an exploit, it doesn't make use of security flaws or backdoors, instead it just uses social engineering to persuade people to install it and give it the relevant privileges. If you hand a burglar your keys and the code to your alarm, you can't blame the manufacturer of the door or the burglar alarm when something goes wrong. There is nothing to stop a similar exploit being used on any OS with net capabilities under the sun.
The best way to avoid problems such as this is to be wary and to keep abreast of the latest security information.
"@Jim: you know mac and linux people don't get viruses!
Posted by: Sarah Perez"
Yes, they do... There is just less compared to windows because there are much less mac users (5%), why target the few?
@Jeff I am a windows user and haven't had any kind of virus, worm, or trojan in over 7 years. I had a bad day, so sue me. :P
Are you kidding me? This isn't a Facebook virus, this is a Windows/MSIE virus. Get your facts straight.
"Yes, they do... There is just less compared to windows because there are much less mac users (5%), why target the few?"
@Diamonds:
Are you f*cking kidding me? Do you KNOW that 50-70% of the world's servers run Linux? You could make trillions of dollars in damage were someone able to write one that propagated well enough.
Desktop users are only a slim slim part of the picking there bub.
The only people susceptible are people who are not very good with computers. It is pretty obvious if someone sends a video to ALL of his friends that says that ALL of them look good in ONE video. It is so easy to avoid, whenever someone receive the thread, warn everyone else, or each network could post warnings.
Is this a real article or a Mac advert? its hard to tell really...
@Alice Perhaps if you could tell the difference between an article and the comments that follow, you wouldn't be so confused.
I wish ppl wld just use common sense. Unless I know someone very well....I will not add them to my email/friend list.
I never accept comments/email from ppl I don't know.
These hackers would have little success if everyone was just a little more careful!!
Take the joy out of their lives and take care of your computers.
It illustrates the general principle of online use. Whether you use a PC or a MAC, whether you run Windows or Linux or Firefox, when you use an application like Facebook you're still online. Online is like a public marketplace. There are a few bad people out there besides the friends we meet, and we need to be careful online -- just as we would be in a strange city -- and know that not everyone's intentions are good. Fortunately there are also kind strangers in this marketplace that know how to remedy the results of an attack should it happen, but prevention is the best way to go when possible.
nice chat people.. you all defend points that make no common sense outside your ego-spheres.
basically there are thousands of malware that depend on un-informed peoples to actions.
i would like to raise a point:
has anybody here noticed that the infection actually happens after YOU UPDATE YOUR FLASH VERSION. What does that have to do with facebook? you have to click like 4 or 5 times to actually get infected, this is like a fool-proof virus..
yet the problem is that everyday so many people jump in to the web wagon, are introduced and many fascinated by the internet, so it is to THEM that this type of thread is aiming.
anybody who's been using the internet for a while and knows a little about it would realize some things, such as being redirected to another url outside facebook, that the www.#######.com is NOT facebook.com, huh, isnt that suspicious?
maybe if flash wasnt such a pain in the arse and wouldnt force you to upgrade all the time this wouldnt happen, but then of course vulnerabilities would be the issue and the company would sink. there are vulnerabilities on every code written and implemented on the web.
some other people here post about the superpowers of these evil hackers. who actually says this: this is aimed at stupid consumers, people who like to spend hours je*king off looking at other people's photos, profile and bs, who use dumb passwords, leave their emails open and walk away from computers, etc.
These type of people are learning about computers, the web, are innocent and most are computer illiterates. why doesnt every social network try to inform them more clearly, perhaps introduce them with a clear, easy-step-by-step introduction to their service, the web in general, etc. it was not until millions got hacked, that myspace started posting as important announcements that users should be careful about where they click and go.
Man, while there are people not only in Africa, but all over the world with some serious concerns, no family, no food, no roof, what is a computer for them?
yet we are all worried about this virus and them hackers, right. it is true that we are going to have to deal with the fact that people try to deceive your attention, spam you, trick you into buying viagra, cialis and watch porn amongst many other things online. and all these hackers want other than prove a point, is to get your fri**ing contacts list so they can sell it to the spammers and or spam you themselves. but then again, you can just write a cheesy facebook app and they`d give that to you anyway.
F.
www.files3.com
What is wrong with Facebook today, Dec 20th. Just an error message comes up saying they're working on it. Is it down everywhere? Or just my computer? Haven't been able to get in all day.
@ Donna
I have been getting that message for two days now
it's December 21st and I can access facebook on my sidekick but I haven't been able to access it on my laptop.
Donna, Mandy, I have the SAME problem. I think I got the 'trojan' that everyone's talking about. I get tons of pop ups. My facebook has been saying "facebook.com/common/error." for about 3 days now. My blackberry works fine with facebook. I've used different computers to log into my facebook, but for some reason just MY personal computer won't let me log in..
Anyone have any idea how to help me out??? I've been very frustrated the last couple days.
The virus image is from Dreamstime.com You should go there and pay for the right to use it.
Best regards,
Akajos